Scientific Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SciLinux: SLSA-2018-2918-1 Important: ghostscript on SL7.x x86_64

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509) * ghostscript: LockDistillerParams type confusion (699656) (CVE-2018-15910) * ghostscript: .definemodifiedfont mem [More...]

SciLinux: SLSA-2018-2892-1 Moderate: glusterfs on SL6.x x86_64

glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911) SL6 x86_64 glusterfs-3.12.2-18.el6.x86_64.rpm glusterfs-api-3.12.2-18.el6.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el6.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el6.x86_64.rpm glusterfs-fuse-3.12.2-18.el6.x86_64.rpm glusterfs-libs-3.12.2- [More...]

SciLinux: SLSA-2018-2898-1 Moderate: nss on SL6.x i386/x86_64

nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) SL6 x86_64 nss-3.36.0-9.el6_10.i686.rpm nss-3.36.0-9.el6_10.x86_64.rpm nss-debuginfo-3.36.0-9.el6_10.i686.rpm nss-debuginfo-3.36.0-9.el6_10.x86_64.rpm nss-sysinit-3.36.0-9.el6_10.x86_64.rpm nss-tools-3.36.0-9.el6_10.x86_64.rpm nss-devel-3.36.0-9.el6_10.i686.rpm nss [More...]

SciLinux: SLSA-2018-2846-1 Important: kernel on SL6.x i386/x86_64

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and computation-expensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in [More...]

SciLinux: SLSA-2018-2768-1 Moderate: nss on SL7.x x86_64

nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) SL7 x86_64 nss-3.36.0-7.el7_5.i686.rpm nss-3.36.0-7.el7_5.x86_64.rpm nss-debuginfo-3.36.0-7.el7_5.i686.rpm nss-debuginfo-3.36.0-7.el7_5.x86_64.rpm nss-sysinit-3.36.0-7.el7_5.x86_64.rpm nss-tools-3.36.0-7.el7_5.x86_64.rpm nss-devel-3.36.0-7.el7_5.i686.rpm nss-devel- [More...]

SciLinux: SLSA-2018-2757-1 Moderate: 389-ds-base on SL7.x x86_64

389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935) * 389-ds-base: Server crash through modify command with large DN (CVE-2018-14624) * 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2 [More...]

SciLinux: SLSA-2018-2748-1 Important: kernel on SL7.x x86_64

kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) Bug Fix(es): See the descriptions in the related Knowledge Article: SL7 x86_64 kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-86 [More...]

SciLinux: SLSA-2018-2766-1 Moderate: flatpak on SL7.x x86_64

flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake (CVE-2018-6560) SL7 x86_64 flatpak-0.8.8-4.el7_5.x86_64.rpm flatpak-debuginfo-0.8.8-4.el7_5.x86_64.rpm flatpak-libs-0.8.8-4.el7_5.x86_64.rpm flatpak-builder-0.8.8-4.el7_5.x86_64.rpm flatpak-devel-0.8.8-4.el7_5.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2018-2737-1 Important: mod_perl on SL6.x i386/x86_64

mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) SL6 x86_64 mod_perl-2.0.4-12.el6_10.x86_64.rpm mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm mod_perl-devel-2.0.4-12.el6_10.i686.rpm mod_perl-devel-2.0.4-12.el6_10.x86_64.rpm i386 mod_perl-2.0.4-12.el6_10. [More...]

SciLinux: SLSA-2018-2731-1 Important: spice and spice-gtk on SL7.x x86_64

spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) This issue was discovered by Frediano Ziglio (Red Hat). SL7 x86_64 spice-debuginfo-0.14.0-2.el7_5.5.x86_64.rpm spice-glib-0.34-3.el7_5.2.i686.rpm spice-glib-0.34-3.el7_5.2.x86_64.rpm spice-gtk-debuginfo-0.34-3.el7_5.2.i686.rpm spice-gtk-debu [More...]

SciLinux: SLSA-2018-2732-1 Important: spice-gtk and spice-server on SL6.x i386/x86_64

spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) This issue was discovered by Frediano Ziglio (Red Hat). SL6 x86_64 spice-glib-0.26-8.el6_10.1.i686.rpm spice-glib-0.26-8.el6_10.1.x86_64.rpm spice-gtk-0.26-8.el6_10.1.i686.rpm spice-gtk-0.26-8.el6_10.1.x86_64.rpm spice-gtk-debuginfo-0.26-8.e [More...]

SciLinux: SLSA-2018-2693-1 Critical: firefox on SL6.x i386/x86_64

This update upgrades Firefox to version 60.2.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-1237 [More...]

SciLinux: SLSA-2018-2692-1 Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.2.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-1237 [More...]

SciLinux: SLSA-2018-2571-1 Important: bind on SL6.x i386/x86_64

bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740) SL6 x86_64 bind-debuginfo-9.8.2-0.68.rc1.el6_10.1.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.1.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.1.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.1 [More...]

SciLinux: SLSA-2018-2570-1 Important: bind on SL7.x x86_64

bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740) SL7 x86_64 bind-debuginfo-9.9.4-61.el7_5.1.i686.rpm bind-debuginfo-9.9.4-61.el7_5.1.x86_64.rpm bind-libs-9.9.4-61.el7_5.1.i686.rpm bind-libs-9.9.4-61.el7_5.1.x86_64.rpm bind-libs-lite-9.9.4-61.el7_5.1.i686.rpm bind-libs-lite-9. [More...]

SciLinux: SLSA-2018-2557-1 Important: postgresql on SL7.x x86_64

postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) SL7 x86_64 postgresql-debuginfo-9.2.24-1.el7_5.i686.rpm postgresql-debuginfo-9.2.24-1.el7_5.x86_64.rpm postgresql-libs-9.2.24-1.el7_5.i686.rpm postgresql-libs-9.2.24-1.el7_5.x86_64.rpm postgresql-9.2.24-1.el7_5.i686.rpm postgresql-9.2.24-1.el7_5.x86_64.rpm postgre [More...]

SciLinux: SLSA-2018-2526-1 Important: mutt on SL6.x, SL7.x i386/x86_64

mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354) * mutt: Remote Code Execution via backquote characters (CVE-2018-14357) * mutt: POP body caching path traversal vulnerability (CVE-2018-14362) SL6 x86_64 mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm i386 mutt-1.5.20-9.20091214hg736b6a.el6.i68 [More...]

SciLinux: SLSA-2018-2439-1 Moderate: mariadb on SL7.x x86_64

mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 20 [More...]
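The practical question behind every advisory above is "does this host already have the fixed build?" The following is an added check, not part of the listing and not code from the Scientific Linux team: it implements rpm's version ordering (the rpmvercmp algorithm, including the tilde/caret rules) in Python, takes plain `rpm -qa` output, and compares the highest installed version-release of each package against the fixed version-release quoted in the SL7 advisories on this page (nss, kernel, flatpak, bind-libs, postgresql-libs, spice-glib). The `rpm -qa` lines and the running-kernel string are constructed sample data, the fixed table is an assumption built from the package file names in the entries above, and epochs are assumed to be 0 because neither `rpm -qa` nor the advisory file names show them.

```python
"""Compare installed RPM versions against advisory-fixed versions (rpmvercmp port)."""


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): returns -1, 0 or 1 for a < b, a == b, a > b."""
    if a == b:
        return 0
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        # skip separator characters (anything not alnum, '~' or '^')
        while ia < len(a) and not (a[ia].isalnum() or a[ia] in "~^"):
            ia += 1
        while ib < len(b) and not (b[ib].isalnum() or b[ib] in "~^"):
            ib += 1
        ta = a[ia] if ia < len(a) else ""
        tb = b[ib] if ib < len(b) else ""
        # '~' sorts before everything, including the end of the string (1.0~rc1 < 1.0)
        if ta == "~" or tb == "~":
            if ta != "~":
                return 1
            if tb != "~":
                return -1
            ia, ib = ia + 1, ib + 1
            continue
        # '^' sorts before everything except the end of the string (1.0^post > 1.0)
        if ta == "^" or tb == "^":
            if not ta:
                return -1
            if not tb:
                return 1
            if ta != "^":
                return 1
            if tb != "^":
                return -1
            ia, ib = ia + 1, ib + 1
            continue
        if not ta or not tb:
            break
        # grab the next all-digit or all-alpha segment from both strings
        isnum = ta.isdigit()
        ja, jb = ia, ib
        if isnum:
            while ja < len(a) and a[ja].isdigit():
                ja += 1
            while jb < len(b) and b[jb].isdigit():
                jb += 1
        else:
            while ja < len(a) and a[ja].isalpha():
                ja += 1
            while jb < len(b) and b[jb].isalpha():
                jb += 1
        sa, sb = a[ia:ja], b[ib:jb]
        if not sb:  # segment types differ: a numeric segment is always newer than alpha
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        ia, ib = ja, jb
    if ia >= len(a) and ib >= len(b):
        return 0
    return -1 if ia >= len(a) else 1  # whoever has characters left over is newer


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release); epoch defaults to 0 (assumption)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nvra(line: str):
    """'name-version-release.arch' -> (name, version, release, arch); names may contain '-'."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


# Fixed version-release per package, taken from the SL7 advisory file names listed above (assumed table).
FIXED_SL7 = {
    "nss": "3.36.0-7.el7_5",            # SLSA-2018-2768-1, CVE-2018-12384
    "kernel": "3.10.0-862.14.4.el7",    # SLSA-2018-2748-1, CVE-2018-14634
    "flatpak": "0.8.8-4.el7_5",         # SLSA-2018-2766-1, CVE-2018-6560
    "bind-libs": "9.9.4-61.el7_5.1",    # SLSA-2018-2570-1, CVE-2018-5740
    "postgresql-libs": "9.2.24-1.el7_5",  # SLSA-2018-2557-1, CVE-2018-10915
    "spice-glib": "0.34-3.el7_5.2",     # SLSA-2018-2731-1, CVE-2018-10873
}

# Constructed sample of `rpm -qa` output for an SL7 host (not real inventory data).
RPM_QA_SAMPLE = """
nss-3.36.0-5.el7_5.x86_64
kernel-3.10.0-862.11.6.el7.x86_64
kernel-3.10.0-862.14.4.el7.x86_64
flatpak-0.8.8-4.el7_5.x86_64
bind-libs-9.9.4-61.el7_5.1.x86_64
postgresql-libs-9.2.24-1.el7_5.x86_64
spice-glib-0.34-3.el7_5.1.x86_64
bash-4.2.46-31.el7.x86_64
"""


def find_unpatched(rpm_qa_text: str, fixed: dict, running_kernel: str = None) -> dict:
    """Return {name: (installed_vr, fixed_vr)} for packages still below the fixed build.

    For the kernel the version that matters is the one running (uname -r), not the
    newest one on disk, so it is substituted when running_kernel is given.
    """
    installed = {}
    for line in rpm_qa_text.splitlines():
        if not line.strip():
            continue
        name, ver, rel, _ = parse_nvra(line)
        vr = f"{ver}-{rel}"
        if name not in installed or compare_evr(vr, installed[name]) > 0:
            installed[name] = vr
    if running_kernel and "kernel" in installed:
        _, ver, rel, _ = parse_nvra("kernel-" + running_kernel)
        installed["kernel"] = f"{ver}-{rel}"
    return {
        name: (installed[name], fixed_vr)
        for name, fixed_vr in fixed.items()
        if name in installed and compare_evr(installed[name], fixed_vr) < 0
    }


if __name__ == "__main__":
    for name, (have, need) in find_unpatched(
        RPM_QA_SAMPLE, FIXED_SL7, running_kernel="3.10.0-862.11.6.el7.x86_64"
    ).items():
        print(f"{name}: installed {have}, advisory requires {need}")
```

On a live host, feed the function the output of `rpm -qa` and `uname -r`; with the sample above it flags nss and spice-glib as below the fixed release and the kernel as patched on disk but not yet booted, which is the reboot-required case that a naive "is the new RPM installed" check misses. If a package on your system carries a non-zero epoch, compare with `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}'` output instead, since the advisory file names omit it.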